在为mysql-proxy编写lua脚步的时候,需要知道一下几个入口函数,通过这几个入口函数我们可以控制mysql-proxy的一些行为。
- connect_server() 当代理服务器接受到客户端连接请求时(tcp中的握手)会调用该函数
- read_handshake() 当mysql服务器返回握手相应时会被调用
- read_auth() 当客户端发送认证信息(username,password,port,database)时会被调用
- read_auth_result(aut) 当mysql返回认证结果时会被调用
- read_query(packet) 当客户端提交一个sql语句时会被调用
- read_query_result(inj) 当mysql返回查询结果时会被调用
1.connect_server使用
function read_handshake( )
local con = proxy.connection print("<-- let's send him some information about us")
print(" server-addr : " .. con.server.dst.name)
print(" client-addr : " .. con.client.src.name)
-- lets deny clients from !127.0.0.1
if con.client.src.address ~= "127.0.0.1" then
proxy.response.type = proxy.MYSQLD_PACKET_ERR
proxy.response.errmsg = "only local connects are allowed"
print("we don't like this client");
return proxy.PROXY_SEND_RESULT
end
end
获取代理的链接对象,这个对象是全局的,可以在函数中直接拿来使用。从连接对象中我们可以拿到客户端名称和服务器名称,通过也能获得客户端的ip地址,上面的代码就是禁止非本机ip登录mysql。
2、read_auth使用
读取用户的认证信息包括用户名、密码、所要连接的数据库。其中的proxy.MYSQLD_PACKET_ERR是mysql-proxy中自带的常量。
function read_auth( )
local con = proxy.connection print("--> there, look, the client is responding to the server auth packet")
print(" username : " .. con.client.username)
print(" password : " .. string.format("%q", con.client.scrambled_password))
print(" default_db : " .. con.client.default_db) if con.client.username == "evil" then
proxy.response.type = proxy.MYSQLD_PACKET_ERR
proxy.response.errmsg = "evil logins are not allowed" return proxy.PROXY_SEND_RESULT
end
end
3.read_auth_result使用
通过该方法我们可以获得mysql数据库的认证结果,认证结果由auth对象持有,我们可以访问其packet属性(字符串类型),可以查看返回结果。字符串的第一个字符是对结果的标识。
function read_auth_result( auth )
local state = auth.packet:byte() //获取第一个字符并将其转为整型 if state == proxy.MYSQLD_PACKET_OK then
print("<-- auth ok");
elseif state == proxy.MYSQLD_PACKET_ERR then
print("<-- auth failed");
else
print("<-- auth ... don't know: " .. string.format("%q", auth.packet));
end
end
4.read_query的使用
packet中就存放着客户请求的SQL语句,类型为字符串类型。起始第一个字符同上,为标识符。这里判断是不是一个查询语句,是的话就从第二个字符开始输出查询语句。
function read_query( packet )
print("--> someone sent us a query")
if packet:byte() == proxy.COM_QUERY then
print(" query: " .. packet:sub()) if packet:sub() == "SELECT 1" then
proxy.queries:append(, packet)
end
end end
5、read_query_result使用
其实我们该函数和read_query函数时是希望对SQL语句进行处理,但是由于时间有限,不能对mysql-proxy提供的sql处理继续研究,这里先就先贴出来。
function read_query_result( inj )
print("<-- ... ok, this only gets called when read_query() told us") proxy.response = {
type = proxy.MYSQLD_PACKET_RAW,
packets = {
"\255" ..
"\255\004" .. -- errno
"#" ..
"12S23" ..
"raw, raw, raw"
}
} return proxy.PROXY_SEND_RESULT
end
--[[ $%BEGINLICENSE%$
Copyright (c) 2007, 2008, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License as
published by the Free Software Foundation; version 2 of the
License. This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details. You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
02110-1301 USA $%ENDLICENSE%$ --]] local proto = require("mysql.proto") local prep_stmts = { } function read_query( packet )
local cmd_type = packet:byte()
if cmd_type == proxy.COM_STMT_PREPARE then
proxy.queries:append(, packet, { resultset_is_needed = true } )
return proxy.PROXY_SEND_QUERY
elseif cmd_type == proxy.COM_STMT_EXECUTE then
proxy.queries:append(, packet, { resultset_is_needed = true } )
return proxy.PROXY_SEND_QUERY
elseif cmd_type == proxy.COM_STMT_CLOSE then
proxy.queries:append(, packet, { resultset_is_needed = true } )
return proxy.PROXY_SEND_QUERY
end
end function read_query_result(inj)
if inj.id == then
-- print the query we sent
local stmt_prepare = assert(proto.from_stmt_prepare_packet(inj.query))
print(("> PREPARE: %s"):format(stmt_prepare.stmt_text)) -- and the stmt-id we got for it
if inj.resultset.raw:byte() == then
local stmt_prepare_ok = assert(proto.from_stmt_prepare_ok_packet(inj.resultset.raw))
print(("< PREPARE: stmt-id = %d (resultset-cols = %d, params = %d)"):format(
stmt_prepare_ok.stmt_id,
stmt_prepare_ok.num_columns,
stmt_prepare_ok.num_params)) prep_stmts[stmt_prepare_ok.stmt_id] = {
num_columns = stmt_prepare_ok.num_columns,
num_params = stmt_prepare_ok.num_params,
}
end
elseif inj.id == then
local stmt_id = assert(proto.stmt_id_from_stmt_execute_packet(inj.query))
local stmt_execute = assert(proto.from_stmt_execute_packet(inj.query, prep_stmts[stmt_id].num_params))
print(("> EXECUTE: stmt-id = %d"):format(stmt_execute.stmt_id))
if stmt_execute.new_params_bound then
for ndx, v in ipairs(stmt_execute.params) do
print((" [%d] %s (type = %d)"):format(ndx, tostring(v.value), v.type))
end
end
elseif inj.id == then
local stmt_close = assert(proto.from_stmt_close_packet(inj.query))
print(("> CLOSE: stmt-id = %d"):format(stmt_close.stmt_id)) prep_stmts[stmt_close.stmt_id] = nil -- cleanup
end
end
这里使用了MySQL新的接口stmt,对其不了解可以查看下面的连接。